diff --git a/src/ssl.c b/src/ssl.c index 41eec8a84..f7096e518 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4725,7 +4725,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } else #endif #ifdef HAVE_ED25519 - if (header == BEGIN_DSA_PRIV) { + #ifdef HAVE_ECC + if (header == BEGIN_DSA_PRIV) + #else + if (header == BEGIN_ENC_PRIV_KEY) + #endif + { header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; } else #endif @@ -5319,7 +5324,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, != 0) { #ifdef HAVE_ECC /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ - eccKey = 1; /* so try it out */ + eccKey = 1; /* try it next */ + #elif defined(HAVE_ED25519) + ed25519Key = 1; /* try it next */ #else WOLFSSL_MSG("RSA decode failed and ECC not enabled to try"); ret = WOLFSSL_BAD_FILE; diff --git a/src/tls.c b/src/tls.c index 687f20f9d..e25e76a6d 100755 --- a/src/tls.c +++ b/src/tls.c @@ -5256,7 +5256,7 @@ end: } #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) /* Create a key share entry using named elliptic curve parameters group. * Generates a key pair. * @@ -5269,13 +5269,17 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) int ret; byte* keyData = NULL; word32 dataSize; + byte* keyPtr = NULL; word32 keySize; - ecc_key* eccKey = NULL; +#ifdef HAVE_ECC + ecc_key* eccKey; word16 curveId; +#endif /* TODO: [TLS13] The key sizes should come from wolfcrypt. */ /* Translate named group to a curve id. */ switch (kse->group) { +#ifdef HAVE_ECC #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP256R1: @@ -5303,52 +5307,49 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) break; #endif /* !NO_ECC_SECP */ #endif +#endif #ifdef HAVE_CURVE25519 case WOLFSSL_ECC_X25519: { - curve25519_key* key; + curve25519_key* curve_key; /* Allocate an ECC key to hold private key. */ - key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), + keyPtr = (byte*)XMALLOC(sizeof(curve25519_key), ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (key == NULL) { + if (keyPtr == NULL) { WOLFSSL_MSG("EccTempKey Memory error"); return MEMORY_E; } + curve_key = (curve25519_key*)keyPtr; dataSize = keySize = 32; /* Make an ECC key. */ - ret = wc_curve25519_init(key); - if (ret != 0) { - eccKey = (ecc_key*)key; /* assign for freeing key */ + ret = wc_curve25519_init(curve_key); + if (ret != 0) goto end; - } - ret = wc_curve25519_make_key(ssl->rng, keySize, key); - if (ret != 0) { - eccKey = (ecc_key*)key; /* assign for freeing key */ + ret = wc_curve25519_make_key(ssl->rng, keySize, curve_key); + if (ret != 0) goto end; - } + /* Allocate space for the public key. */ keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (keyData == NULL) { WOLFSSL_MSG("Key data Memory error"); ret = MEMORY_E; - eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; } /* Export public key. */ - if (wc_curve25519_export_public_ex(key, keyData, &dataSize, + if (wc_curve25519_export_public_ex(curve_key, keyData, &dataSize, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_EXPORT_ERROR; - eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; } kse->ke = keyData; kse->keLen = dataSize; - kse->key = key; + kse->key = keyPtr; #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Public Curve25519 Key"); @@ -5368,13 +5369,15 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) return BAD_FUNC_ARG; } +#ifdef HAVE_ECC /* Allocate an ECC key to hold private key. */ - eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, + keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (eccKey == NULL) { + if (keyPtr == NULL) { WOLFSSL_MSG("EccTempKey Memory error"); return MEMORY_E; } + eccKey = (ecc_key*)keyPtr; /* Make an ECC key. */ ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId); @@ -5406,20 +5409,21 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) kse->ke = keyData; kse->keLen = dataSize; - kse->key = eccKey; + kse->key = keyPtr; #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Public ECC Key"); WOLFSSL_BUFFER(keyData, dataSize); #endif +#endif /* HAVE_ECC */ end: if (ret != 0) { /* Data owned by key share entry otherwise. */ - if (eccKey != NULL) - XFREE(eccKey, ssl->heap, DYNAMIC_TYPE_TLSX); + if (keyPtr != NULL) + XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); if (keyData != NULL) - XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); } return ret; } @@ -5437,7 +5441,7 @@ static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse) if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK) return TLSX_KeyShare_GenDhKey(ssl, kse); #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) return TLSX_KeyShare_GenEccKey(ssl, kse); #else return NOT_COMPILED_IN; diff --git a/tests/api.c b/tests/api.c index dc74da332..ca0ab7183 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18123,6 +18123,14 @@ static int test_tls13_apis(void) WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#elif defined(HAVE_CURVE25519) + AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); + AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), + SIDE_ERROR); + AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),